Evidence, access aid job security when compliance staff raise a red flag

February 9, 2012

By Emmanuel Olaoye

NEW YORK, Feb. 9 (Thomson Reuters Accelus) – Two vivid reminders of the job-security perils faced by compliance officers and others who sound alarms at company practices were provided last week by a congressional hearing into the MF Global bankruptcy and a federal appeals court ruling on whistleblower law.

The risks may be part of the job, but skillful management of internal policies and wise self-protection can help avoid career-threatening retaliation, experts said.“If you uncover a problem and you complain about it you are going to do so in jeopardy. Once you walk into that room, you could be fired or made a scapegoat if they can’t contain it,” New York-based securities industry lawyer Bill Singer said.

In the first case, MF Global’s former chief risk officer, Michael Roseman, told a U.S. House Financial Services subcommittee hearing last week that his repeated warnings about the firm’s aggressive trading strategy may have led to his firing.

MF Global collapsed in late October amid market alarm over its bets on European sovereign debt – the same investments Roseman said he had warned chief executive officer Jon Corzine about. Roseman said the firm had continued the strategy with the apparent approval of its directors.

Roseman said he was asked to leave MF Global in January 2011. “My views on risk certainly played a factor in that decision,” he testified.

Also last week, the U.S. First Circuit Court of Appeals ruled that a U.S. law protecting whistleblowers at publicly traded companies does not cover employees of private companies who are working on contract with a public company. In a case involving two former Fidelity Investments employees, the court overturned a Boston federal judge’s decision to apply the provisions of the Sarbanes-Oxley Act to private companies serving under contract.

The events may have compliance and risk officers wondering whether, and under what circumstances, they are protected by federal securities-related laws.

The anti-retaliatory provisions of Sarbanes-Oxley section 806 only apply to companies whose securities are registered under the Securities Exchange Act of 1934 or are required to file reports under the Exchange Act, and do not on their face protect employees of private companies such as Fidelity.

But Securities and Exchange Commission rules under section 922 of the Dodd-Frank Act do protect employees for reporting suspected wrongdoing, whether the company is public or private. Similar Commodity Futures Trading Commission rules providing whistleblower rewards and protections implement section 748 of Dodd-Frank.

Unfortunately for anyone in the position Roseman said he was in, Sarbanes-Oxley and the Dodd-Frank rules address fraud, not differences of opinion on business decisions. But there are ways for compliance and risk officers to protect themselves from retaliation for raising alarms about possibly budding problems. There also are ways for firms to encourage employees to come forward and report what they think they’re seeing, and there are good reasons for firms to do so.


Potential retaliation goes with the territory. Compliance and risk officers, who perform internal watchdog functions, need to know how to escalate potential problems before they become violations, and they must fully understand how to use internal and external reporting channels.

“When you accepted the job, that is what it came with. That is what you signed up for. At some point, you could face losing your job for doing the right thing,” Singer said.

Even if an employee is not fired for reporting concerns, co-workers or managers may blame the messenger for any consequences of the problem exposed by the employee, such as fines or sanctions, Singer said.

There are also risks for failing to report potential legal violations, said Georgia Bullitt, a partner at the law firm Morgan Lewis & Bockius.

“The securities laws provide for criminal actions against willful violation of the rules, but they do not single out compliance officers. For example, rule 38a-1 [under the Investment Company Act of 1940] provides for the preparation of an annual compliance report, but the rule does not include language indicating that the chief compliance officer certifies that the report is accurate under penalty of law. If the CCO willfully lied about a material matter or willfully failed to disclose a violation of the federal securities laws in an annual report, I think he or she probably could be subject to criminal prosecution, although it may not be an easy case to prove. I am not sure the CFTC rules really impose a higher liability standard than the securities laws and rules but they have the potential to have a chilling effect in that they specifically mention criminal liability in the context of a compliance officer,” Bullitt said.

Employees face a choice in deciding whether to report suspected wrongdoing internally or to go to an outside agency such as the SEC, or do both The SEC rules are designed to encourage internal reporting by authorizing the SEC to increase potential awards if the employee has first used internal channels – and to lower the award if the employee did not use available reporting channels.

Moreover, an internal investigation, or one done by outside counsel at the request of the board or a board committee may reveal evidence of the wrongdoing or details such as the financial extent of the any problems. This can bring the SEC investigation to a successful conclusion faster and possibly increase the amount of the bounty if there is one.

Using the SEC’s whistleblower reporting mechanism enables the whistleblower to avail himself or herself of the anti-retaliatory protections of the program and avoid being fired for blowing the whistle, said Jerry Markham, a Florida International University School of Law professor and a specialist in the regulation of financial and commodities markets.

Markham said Sarbanes-Oxley and SEC rules require company lawyers to report up the chain to the board, but they are not required to report to the government if no action is taken.


Since employers may assert dubious reasons for firing an employee, it is critical that potential whistleblowers have strong evidence in hand before they report a suspected violation. The documented evidence will not only bolster the credibility of suspicions, it can help establish a timeline to suppport a whistleblower’s case against allegations of a performance decline that started only after a problem was reported.

“The big determinant is how good your proof is and how many people know about it. If you are going to fall on your sword, you better have copies of it in your hand,” said Susan Egan, an employment lawyer at Egan Attorneys in New York.

But it’s not necessary for employees to wait for conclusive proof before raising a red flag, Singer said. “If they wait until they have 100 percent proof the firm could be bankrupt.”

If the employee has proof of misconduct, there is every chance the person will receive some protection from the new CFTC and SEC rules. An employer who terminates a whistleblower must show there was a legitimate reason for the firing and that it is not retaliatory.

“If you have a whistleblower that has been harmed, it is incumbent that the burden shifts to the employer to show they had a reason to fire the employee,” said Tonya Grindon, a shareholder at Baker Donelson Bearman Caldwell & Berkowitz in Nashville.

Employees should not only document wrongdoing, but any suspected retaliatory actions taken by their employer as well, said attorney Latour Lafferty, a shareholder at Fowler White Boggs in Tampa.

“Otherwise you get caught up in he-said, she-said. The only thing you have to corroborate against each other is emails and the documentation file. It is really important for the whistleblower to document what action is done,” Lafferty said.


Each firm holds the primary responsibility for letting internal watchdogs work effectively, Bullitt said.

“I think that the most important protection that a firm can provide [compliance and risk officers] and that regulations should encourage is to recruit honest, hardworking, talented people to do the jobs. This is probably best accomplished by paying well and providing strong staff and other support, including a robust reporting line so that the officer will have management behind him or her if he or she finds a problem. While I think it’s useful for the CCO to have interaction with the board and support of the board, I think the key element is for the CCO to have the unqualified support [of the top executives],” Bullitt said.

There may be circumstances where the best course of action is to discuss the problem with management, said Egan, who has worked on cases involving wrongful termination and discrimination. If a direct report is involved in wrongdoing, the compliance officer should consider talking to the next-highest person in charge who is not involved in the potential violation.

In a case like MF Global, a whistleblower’s options may depend on who has the ultimate responsibility for the risk taken by a firm, Markham said.

“The risk manager did his job in reporting the nature and volume of the risk here, but at the end of the day, it is up to the CEO and the board to make the decision of how much risk is too much,” Markham said, referring to press accounts about the MF Global.

Employees should know how to protect themselves, or be protected, from dominant executives or producers, and that’s where open lines of communication to the board help.

Firms should adopt innovative techniques to encourage employees to report possible unethical conduct, including recognizing them publicly and offering financial incentives, said Jordan Thomas, a partner in the New York law firm Labaton Sucharow.

“Organizations should be prepared to investigate, in a timely manner, reports of misconduct. When legal or ethical violations are discovered, violators should be held accountable, regardless of their position in the organization, and in a manner consistent with others similarly situated,” Thomas said.

The governance structures should be in place before questions or problems arise, Lafferty said, adding, “The board should be [making] the C-level guys accountable. It diminishes the chance of being retaliated against.”

If that fails, “you need a realistic assessment of your job and what your values are,” Lafferty said.

(Additional reporting by Julie DiMauro and Stuart Gittleman)

(This article was produced by the Compliance Complete service of Thomson Reuters Accelus.  Compliance Complete (http://accelus.thomsonreuters.com/solut ions/regulatory-intelligence/compliance- complete/) provides a single source for regulatory news, analysis, rules and developments, with global coverage of more than 230 regulators and exchanges.)

No comments so far

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/